Maintained by: NLnet Labs

[Unbound-users] Forward Zones and .local

Ian Mordey
Wed Oct 12 15:24:04 CEST 2011


I fixed this by adding:
domain-insercure: "Allurian.local"
to the config..

I appear to have another problem now:
Oct 12 14:20:28 man01 unbound: [31813:1] info: validation failure test.dnssec-or-not.net. A IN
Oct 12 14:20:28 man01 unbound: [31813:1] info: validation failure test.dnssec-or-not.net. AAAA IN
Oct 12 14:21:46 man01 unbound: [31813:1] info: validation failure test.dnssec-or-not.net. A IN

Is this a valid error? It seems strange that a site for testing dnssec doesn't work!

If I test using http://dnssectest.sidn.nl/test.php I get a nice green tick..

Cheers
Ian


From: unbound-users-bounces at NLnetLabs.nl [mailto:unbound-users-bounces at NLnetLabs.nl] On Behalf Of Ian Mordey
Sent: 12 October 2011 12:58
To: unbound-users at unbound.net
Subject: [Unbound-users] Forward Zones and .local

Hi there
I have some .local domains I need unbound to pass off to internal Active Directory DNS servers. For example:
forward-zone:
        name: "allurian.local"
        forward-addr:   10.150.0.32
        forward-addr:   10.150.0.33

However when I try to dig from my laptop Unbound gives me a servfail..

; <<>> DiG 9.8.1 <<>> aaa01.allurian.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55546
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;aaa01.allurian.local.                       IN           A

;; Query time: 3 msec
;; SERVER: 10.150.0.50#53(10.150.0.50)
;; WHEN: Wed Oct 12 12:57:48 2011
;; MSG SIZE  rcvd: 38

Have I missed a config option somewhere?

Thanks
Ian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20111012/fffc198c/attachment.html>